Monday, September 9, 2019

Suggestions for a zone-based firewall platform that can meet the following hard requirements

  1. Solid IPSec implementation, supporting route-based IPSec (i.e. Cisco VTI-style IPSec) for up to 1000 peers;
  2. Solid routing protocol implementation, mainly BGP;
  3. Solid VRF-lite implementation (route leaking, static NAT across VRFs);
  4. Can do 10Gbps+ IPSec and 30 million packets per second of firewall throughput for small packets (whatever that translates to as a bps value);
  5. Solid NETCONF implementation;
  6. Supports clustering (we need a single control plane);
  7. Supports GPRS inspection (SCTP application and GTP-C/U).

Edit:

We basically need something like AWS’s VGW functionality plus NAT and firewalling, but we don’t have the manpower to develop that in-house. Juniper SRX-HE can do it, but its IPSec implementation is disappointing; we are looking for an alternative.


